Commit graph

5362 commits

Author SHA1 Message Date
lain
a4afeed426 Uploads: Sandbox them in the CSP. 2020-05-01 01:37:26 +03:00
Mark Felder
8cf4e1619e Fix Oban not receiving :ok from RichMediaHelper job 2020-05-01 01:11:51 +03:00
Ivan Tashkinov
862d4886c9 [#1682] Fixed Basic Auth permissions issue by disabling OAuth scopes checks when password is provided. Refactored plugs skipping functionality. 2020-05-01 01:00:37 +03:00
rinpatch
da4923f2e5 Merge branch 'authenticated-api-oauth-check-enforcement' into 'develop'
Enforcement of OAuth scopes check for authenticated API endpoints

See merge request pleroma/pleroma!2349
2020-05-01 00:58:40 +03:00
lain
1ebf8db2a5 Merge branch 'fix-object_age_policy' into 'develop'
Fix ObjectAgePolicy

See merge request pleroma/pleroma!2404
2020-05-01 00:55:37 +03:00
Haelwenn
2ff3b85326 Merge branch 'bugfix/1670-user-count' into 'develop'
Stats: Ignore internal users for user count.

Closes #1670

See merge request pleroma/pleroma!2414
2020-05-01 00:55:37 +03:00
Haelwenn
bf4b5f3856 Merge branch 'fix/follow-and-blocks-import' into 'develop'
Fix follower/blocks import when nicknames starts with @

Closes #1698

See merge request pleroma/pleroma!2416
2020-05-01 00:55:37 +03:00
lain
2e58fe08cd CommonAPI: Don't make repeating announces possible 2020-05-01 00:55:34 +03:00
Alex Gleason
6e0b046771 Let blob: pass CSP 2020-05-01 00:40:09 +03:00
eugenijm
78391a00c5 Mastodon API: do not create a following relationship if the corresponding follow request doesn't exist when calling POST /api/v1/follow_requests/:id/authorize 2020-05-01 00:39:23 +03:00
rinpatch
61889e00fc Deactivate local users on deletion instead of deleting the record
Prevents the possibility of re-registration, which allowed to read
DMs of the deleted account.

Also includes a migration that tries to find any already deleted
accounts and insert skeletons for them.

Closes pleroma/pleroma#1687
2020-05-01 00:38:58 +03:00
rinpatch
94240cac4e Merge branch 'fix-auto-link-for-profile-fields' into 'develop'
Use Pleroma.Formatter.linkify/2 instead

See merge request pleroma/pleroma!2352
2020-04-08 00:29:19 +03:00
Haelwenn
b0a9a02af3 Merge branch 'feature/funkwhale-audio' into 'develop'
Add support for funkwhale Audio activity

Closes #764 and #1624

See merge request pleroma/pleroma!2287
2020-04-02 23:00:23 +03:00
Haelwenn
01a3f145d5 Merge branch 'bugfix/funkwhale-channel' into 'develop'
Fix profile url for funkwhale channels, removes one source_data use

Closes #1653

See merge request pleroma/pleroma!2333
2020-04-02 22:55:09 +03:00
rinpatch
e99e2a86af Merge branch 'bugfix/profile-bio-newline' into 'develop'
AccountView: fix for other forms of <br> in bio

Closes #1643

See merge request pleroma/pleroma!2322
2020-03-31 13:42:02 +03:00
lain
c4d3ccc7b9 Merge branch 'admin-api-change-password' into 'develop'
Admin API: `PATCH /api/pleroma/admin/users/:nickname/update_credentials`

See merge request pleroma/pleroma!2149
2020-03-31 13:41:47 +03:00
10b7b2b4a4 Merge branch 'fix/activity-deletion' into 'develop'
Fix activity deletion

Closes #1640

See merge request pleroma/pleroma!2328
2020-03-31 13:40:28 +03:00
rinpatch
0e92aa0025 Merge branch '1364-notifications-sending-control' into 'develop'
[#1364] Ability to opt-out of notifications (in all clients)

Closes #1364

See merge request pleroma/pleroma!2301
2020-03-31 13:39:58 +03:00
rinpatch
c46d035f7b rate limiter: disable based on if remote ip was found, not on if the plug was enabled
The current rate limiter disable logic won't trigger when the remote ip
is not forwarded, only when the remoteip plug is not enabled, which is
not the case on most instances since it's enabled by default. This
changes the behavior to warn and disable  when the remote ip was not forwarded,
even if the RemoteIP plug is enabled.

Also closes #1620
2020-03-16 00:15:21 +03:00
rinpatch
9d09755291 rip out fetch_initial_posts
Every time someone tries to use it, it goes mad and tries to scrape the
entire fediverse for no visible reason, it's better to just remove it
than continue shipping it in it's current state.

idea acked by lain and feld on irc

Closes #1595 #1422
2020-03-16 00:15:11 +03:00
rinpatch
fcf51a77ba Merge branch 'features/staticfe-sanitization' into 'develop'
static_fe: Sanitize HTML

Closes #1614

See merge request pleroma/pleroma!2299
2020-03-16 00:14:04 +03:00
Haelwenn (lanodan) Monnier
306d633b40 pleroma_api_controller.ex: Improve conversations error reporting
Related: https://git.pleroma.social/pleroma/pleroma/issues/1594
2020-03-15 17:01:33 +03:00
rinpatch
0b823755a2 Merge branch 'fix/cache-control-headers' into 'develop'
Fix Cache Control headers on media

See merge request pleroma/pleroma!2295
2020-03-15 17:01:04 +03:00
Haelwenn (lanodan) Monnier
3f54215219 auth_controller.ex: Add admin scope to MastoFE
Related: https://git.pleroma.social/pleroma/pleroma/issues/1265
2020-03-15 17:00:41 +03:00
Egor Kislitsyn
ffd636f109 Fix hashtags WebSocket streaming 2020-03-15 17:00:18 +03:00
Phil Hagelberg
bd80ff9a6c Fix static FE plug to handle missing Accept header. 2020-03-15 17:00:06 +03:00
Haelwenn (lanodan) Monnier
5f9fbd7d33 Formatting: Do not use \n and prefer <br> instead
It moves bbcode to bbcode_pleroma as the former is owned by kaniini
and transfering ownership wasn't done in a timely manner.

Closes: https://git.pleroma.social/pleroma/pleroma/issues/1374
Closes: https://git.pleroma.social/pleroma/pleroma/issues/1375
2020-03-15 16:59:52 +03:00
rinpatch
80bc8c2cc9 Revert "Set better Cache-Control header for static content"
On furher investigation it seems like all that did was cause unintuitive
behavior. The emoji request flood that was the reason for introducing it
isn't really that big of a deal either, since Plug.Static only needs to
read file modification time and size to determine the ETag.

Closes #1613
2020-03-15 16:59:39 +03:00
e7837bc14e Merge branch 'fix/signup-without-email' into 'develop'
Allow account registration without an email

See merge request pleroma/pleroma!2246
2020-03-15 16:58:51 +03:00
Mark Felder
f8dc597c51 Fix enforcement of character limits 2020-03-15 16:58:13 +03:00
rinpatch
423cfaf141 Merge branch 'fix/1610-release-compilation-config-fix' into 'develop'
Merging default release config on app start

Closes #1610

See merge request pleroma/pleroma!2288
2020-03-15 16:57:59 +03:00
Alexander Strizhakov
7cf7083076 relay list shows hosts without accepted follow 2020-03-15 16:55:20 +03:00
rinpatch
6cf1958b02 moderation log: fix improperly migrated data
Some of the actions used to have a user map as a subject, which was then
changed to an array of user maps. However instead of migrating old data
there was just a hack to transform it every time, moreover this hack
didn't include all possible actions, which resulted in crashes. This
commit fixes the crashes by introducing a proper database migration for old data.

Closes #1606
2020-03-07 17:00:58 +03:00
Alexander Strizhakov
474ef512df wait in mix task while pleroma is rebooted 2020-03-07 16:02:55 +03:00
lain
47604907c9 Merge branch 'proper_error_messages' into 'develop'
MastodonController: Return 404 errors correctly.

See merge request pleroma/pleroma!2270
2020-03-05 11:49:51 +00:00
Haelwenn
927079e2ff Merge branch 'fix/stats-on-startup' into 'develop'
Generate instance stats on startup

Closes #1598

See merge request pleroma/pleroma!2271
2020-03-05 07:25:23 +00:00
Mark Felder
cdb05633a6 Generate instance stats on startup 2020-03-04 13:33:26 -06:00
9b740cfb23 Merge branch 'exclude-reblogs-from-admin-api-by-default' into 'develop'
Exclude reblogs from `GET /api/pleroma/admin/statuses` by default

Closes #1596

See merge request pleroma/pleroma!2267
2020-03-04 18:22:37 +00:00
lain
4bce13fa2f MastodonController: Return 404 errors correctly. 2020-03-04 18:09:06 +01:00
lain
6f7a8c43a2 Merge branch 'fix/no-email-no-fail' into 'develop'
Do not fail when user has no email

See merge request pleroma/pleroma!2249
2020-03-04 12:43:06 +00:00
Mark Felder
05da5f5cca Update Copyrights 2020-03-03 16:44:49 -06:00
eugenijm
7af431c150 Exclude reblogs from GET /api/pleroma/admin/statuses by default 2020-03-02 16:47:31 +03:00
Haelwenn
764a50f8a6 Merge branch 'feature/1482-activity_pub_transactions' into 'develop'
ActivityPub actions & side-effects in transaction

Closes #1482

See merge request pleroma/pleroma!2089
2020-03-02 07:58:01 +00:00
Haelwenn (lanodan) Monnier
6da6540036
Bump copyright years of files changed after 2020-01-07
Done via the following command:
git diff fcd5dd259a --stat --name-only | xargs sed -i '/Pleroma Authors/c# Copyright © 2017-2020 Pleroma Authors <https:\/\/pleroma.social\/>'
2020-03-02 06:08:45 +01:00
Alexander Strizhakov
34f1d09f3a
spec fix 2020-03-01 12:01:39 +03:00
Alexander Strizhakov
ba87ed7335
fix for compiling 2020-03-01 12:01:39 +03:00
Alexander Strizhakov
32d1e04817
ActivityPub actions & side-effects in transaction 2020-03-01 12:01:39 +03:00
rinpatch
b5465bf385 timeline controller: add a TODO for replacing copypaste with a macro 2020-03-01 02:03:46 +03:00
rinpatch
ffcebe7e22 timeline controller: rate limit timelines to 3 requests per 500ms per timeline per ip/user 2020-03-01 01:13:08 +03:00
rinpatch
4d416343fa rate limiter: Fix a race condition
When multiple requests are processed by rate limiter plug at the same
time and the bucket is not yet initialized, both would try to initialize
the bucket resulting in an internal server error.
2020-03-01 01:13:07 +03:00